STIGQter STIGQter: STIG Summary: Commercial Mobile Device (CMD) Policy Security Technical Implementation Guide (STIG) Version: 2 Release: 5 Benchmark Date: 28 Oct 2016:

Required procedures must be followed for the disposal of CMDs.

DISA Rule

SV-30695r6_rule

Vulnerability Number

V-24958

Group Title

Follow procedures for disposal of CMDs

Rule Version

WIR-SPP-004

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Follow required procedures prior to disposing of a CMD or transitioning it to another user.

Check Contents

This requirement applies to mobile operating system (OS) CMDs.

Prior to disposing of a CMD (for example, if a CMD is transferred to another DoD or government agency), follow the disposal procedures found in the mobile operating system STIG Supplemental document.

Interview the ISSO.

Verify proper procedures are being followed and the procedures are documented.

Check to see how retired, discarded, or transitioned CMDs were disposed of during the previous 6 – 12 months and verify compliance with requirements.

If procedures are not documented or if documented, they were not followed, this is a finding.

Vulnerability Number

V-24958

Documentable

False

Rule Version

WIR-SPP-004

Severity Override Guidance

This requirement applies to mobile operating system (OS) CMDs.

Prior to disposing of a CMD (for example, if a CMD is transferred to another DoD or government agency), follow the disposal procedures found in the mobile operating system STIG Supplemental document.

Interview the ISSO.

Verify proper procedures are being followed and the procedures are documented.

Check to see how retired, discarded, or transitioned CMDs were disposed of during the previous 6 – 12 months and verify compliance with requirements.

If procedures are not documented or if documented, they were not followed, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1978

Comments